Apple and Meta gave user data to hackers who used forged legal requests | Ukrainian leader wages digital war | How China’s TikTok, Facebook influencers push propaganda
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Bloomberg
Weeks after Russia invaded, Ukraine’s youngest cabinet minister launched a complaint to the Chinese drone company DJI, claiming that Russia’s military was using its popular technology to target missile attacks. With such shrewd online maneuvers, the deputy prime minister has emerged as one of Ukraine’s most visible leaders, a digital savant marshaling global tech companies and local resources in a conflict he has begun to call “World Cyberwar I.” The Washington Post
As China continues to assert its economic might, it is using the global social media ecosystem to expand its already formidable influence. AP News
ICPC
UK, Australia and ASEAN cooperation for safer seas
ASPI
Huong Le Thu and Bart Hogeveen
Our main recommendation for UK–Australia–ASEAN collaboration is to explore the newer and rapidly developing, but far less charted areas of cybersecurity and emerging technologies and their application in the maritime security domain. In cyber and technology issues, the UK and Australia have a demonstrated track record and expertise, experience and approaches. It’s also an area in which the UK and Australia can reasonably expect to have resources, drawn from the public and private sectors, to sustain this effort. Most of all, it’s also an area of growing interest from partners in Southeast Asia which are putting digital transformation and Industry 4.0 at the forefront of their (post-Covid) development strategies.
Budget’s $9.9b cybersecurity spending is worth every dollar
Financial Review
Karly Winkler
The $9.9 billion announced in Tuesday’s budget for the Australian Signals Directorate is a windfall for Australia’s cyber and intelligence capabilities. The colourfully named project “REDSPICE” (code for “Resilience, Effects, Defence, Space, Intelligence, Cyber & Enablers”) is an expensive program that intends to double the ASD’s workforce, dramatically increase Australia’s protective and offensive cyber capabilities – enhanced by AI and smart technologies – and significantly increase its national and global footprint.
World
Researchers used a decommissioned satellite to broadcast hacker TV
WIRED
Lily Hay Newman
Koscher and his colleagues received permission last year to access and broadcast from a Canadian satellite known as Anik F1R, launched to support Canadian broadcasters in 2005 and designed for 15 years of use. The satellite's coverage extends below the US southern border and out to Hawaii and the easternmost part of Russia. The satellite will move to its graveyard orbit soon, and nearly all other services that use it have already migrated to a new satellite. But while Anik F1R still had its uplink license and transponder slot lease, Koscher had the opportunity to take over and broadcast to the northern hemisphere.
Ukraine - Russia
4,000 letters and four hours of sleep: Ukrainian leader wages digital war
The Washington Post
Cat Zakrzewski
Weeks after Russia invaded, Ukraine’s youngest cabinet minister launched a complaint to the Chinese drone company DJI, claiming that Russia’s military was using its popular technology to target missile attacks. With such shrewd online maneuvers, the deputy prime minister has emerged as one of Ukraine’s most visible leaders, a digital savant marshaling global tech companies and local resources in a conflict he has begun to call “World Cyberwar I.”
Twitter bot network amplifying Russian disinformation about Ukraine war, researcher says
ABC
James Purtill
As Russian tanks rolled across the Ukraine border on February 24, Russia's state-controlled or affiliated news organisations flooded social media with Kremlin disinformation narratives. An army of automated Twitter accounts, or bots, stood ready to promote these posts and game the platform: liking tweets pushing pro-Russian justifications for the war ranging from "denazification", stopping genocide, or shutting down bioweapons labs.
Russian regulators threaten YouTube with fines for ‘information war’
The Washington Post
Gerrit De Vynck
Russia’s telecom regulator said it would fine Google for not removing certain videos from its YouTube video service, stepping up its threats against YouTube, the last major U.S. social media network still active in the country. Roskomnadzor, Russia’s official digital censor, said YouTube is “one of the key platforms participating in the information war against Russia” and accused it of harboring videos from far-right Ukrainian groups Right Sector and the Azov Battalion. Searches on YouTube for the two groups primarily showed news videos about the groups and the war.
Russian hackers targeted NATO, eastern European militaries - Google
Reuters
Reuters
Russian hackers have recently attempted to penetrate the networks of NATO and the militaries of some eastern European countries, Google's Threat Analysis Group said in a report published on Wednesday. The report did not say which militaries had been targeted in what Google described as "credential phishing campaigns" launched by a Russian-based group called Coldriver, or Callisto.
Tracking cyber activity in Eastern Europe
Google
Billy Leonard
In early March, Google’s Threat Analysis Group (TAG) published an update on the cyber activity it was tracking with regard to the war in Ukraine. Since our last update, TAG has observed a continuously growing number of threat actors using the war as a lure in phishing and malware campaigns. Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links.
Putin advisers ‘afraid to tell him truth’ about Ukraine error, says GCHQ head
The Guardian
Dan Sabbagh and David Smith
Vladimir Putin has made a strategic miscalculation in launching the invasion of Ukraine and his advisers are “afraid to tell him the truth” about the extent of his error, the boss of British spy agency GCHQ will say in a speech on Thursday. The spy chief also warned China not to become “too closely aligned” with Russia as the war continues, the latest in a string of remarks by western leaders and officials aimed at trying to persuade Beijing not to supply Moscow with money and arms.
Russians need VPNs. The Kremlin hates them
WIRED
Morgan Meaker
As the number of blocked sites grew, huge numbers of Russians turned to VPN companies—which connect users in one country’s censored internet to a server in another country, where there are less restrictions—as bridges out of Moscow’s shrinking internet. After Russia invaded Ukraine, VPN companies say the number of Russian users has spiked. The VPN company Windscribe told WIRED that almost a million people from Russia had signed up since the war started, 20 times the usual rate.
China
How China’s TikTok, Facebook influencers push propaganda
AP News
Amanda Seitz, Eric Tucker and Mike Catalini
To her 1.4 million followers across TikTok, YouTube, Instagram and Facebook, Vica Li says she is a “life blogger” and “food lover” who wants to teach her fans about China so they can travel the country with ease. “Through my lens, I will take you around China, take you into Vica’s life!” she says in a video posted in January to her YouTube and Facebook accounts, where she also teaches Chinese classes over Zoom. But that lens may be controlled by CGTN, the Chinese state-run TV network where she has regularly appeared in broadcasts and is listed as a digital reporter on the company’s website. And while Vica Li tells her followers that she “created all of these channels on her own,” her Facebook account shows that at least nine people manage her page.
China’s cultural industry is being co-opted for disinformation operations
ASPI The Strategist
Albert Zhang
Beijing’s quest to promote positive images of China overseas blurs the distinction between publicity and propaganda. Government departments contract private companies to funnel disinformation on Western social media and co-opt influencers alongside their legitimate public-relations activities. Consequently, the country’s cultural industry is financially incentivised to follow a broader ideological agenda while being strangled by censorship and regulation on sensitive issues.
China plans new restrictions in its booming live-streaming sector
The Wall Street Journal
Keith Zhai and Liza Lin
China is planning new curbs on the country’s $30 billion live-streaming industry, according to people familiar with the matter, renewing a regulatory campaign aimed at reining in technology companies and exerting greater influence over the content consumed by its young people.
'I won't stop talking': Ukrainians in China fight disinformation
AFP News
Laurie Chen
Thousands of miles from a home consumed by conflict, a group of Ukrainians in China have found themselves on the frontlines of an information war, battling pro-Russia bias, trolls and censorship. Around 300 volunteer Ukrainian translators, with some also based overseas, are relaying key events from Russia's war on their homeland into Chinese.
USA
FBI arrests 65 in BEC scams that took $51M from US businesses
CyberScoop
Tonya Riley
The FBI and global partners carried out an operation that resulted in the arrest of 65 U.S. individuals that allegedly scammed more than $51 million from U.S. businesses, the bureau announced Wednesday. The scammers are believed to have targeted over 500 U.S. victims, including a Puerto Rico-based renewable energy supplier, with business email compromise (BEC) scams. In BEC fraud, hackers pose as a legitimate company employee either through a fake or stolen account to order unauthorized money transfers.
Exclusive: U.S. probe of Google Maps picks up speed
Reuters
Diane Bartz and Paresh Dave
The U.S. Justice Department has breathed new life into an investigation of Google Maps to determine if bundling the service together with other Google software illegally stifles competition, according to two sources familiar with the matter. The probe of the Alphabet Inc (GOOGL.O) unit first came to light in late 2020 and had been quiet until recent months when investigators again began making inquiries, the sources said.
UK
Use of Russian technology products and services following the invasion of Ukraine
UK National Cyber Security Centre
Ian Levy
As expected, there are ongoing cyber attacks against Ukrainian infrastructure (including those that we've attributed with our partners to the Russian intelligence services), but we've not seen - and don’t expect to see - the massive, global cyber attacks that some had predicted. However, we have previously seen Russia acting against UK interests, and also acting through proxy compromises to get to UK entities (for example with the SolarWinds Orion software, and in going after UK telecoms networks to get to their customers).
Europe
Putin’s hackers gained full access to Hungary’s foreign ministry networks, the Orbán government has been unable to stop them
Direkt36
Panyi Szabolcs
Péter Szijjártó knew long ago that Russia’s intelligence services had attacked and hacked into the IT systems of the Ministry of Foreign Affairs and Trade (MFA), which he headed. By the second half of 2021, it had already become clear that the Russians had completely compromised the foreign ministry’s computer network and internal correspondence, and had also hacked into the encrypted network used to transmit “restricted” and “confidential” state secrets and diplomatic information, which can only be used under strict security measures.
Big Tech
Apple and Meta gave user data to hackers who used forged legal requests
Bloomberg
Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, such emergency requests don’t require a court order.
Facebook paid GOP firm to malign TikTok
The Washington Post
Taylor Lorenz and Drew Harwell
Facebook parent company Meta is paying one of the biggest Republican consulting firms in the country to orchestrate a nationwide campaign seeking to turn the public against TikTok. The campaign includes placing op-eds and letters to the editor in major regional news outlets, promoting dubious stories about alleged TikTok trends that actually originated on Facebook, and pushing to draw political reporters and local politicians into helping take down its biggest competitor. These bare-knuckle tactics, long commonplace in the world of politics, have become increasingly noticeable within a tech industry where companies vie for cultural relevance and come at a time when Facebook is under pressure to win back young users.
How war in Ukraine roiled Facebook and Instagram
The New York Times
Ryan Mac, Mike Isaac and Sheera Frenkel
Meta, which owns Facebook and Instagram, took an unusual step last week: It suspended some of the quality controls that ensure that posts from users in Russia, Ukraine and other Eastern European countries meet its rules. Under the change, Meta temporarily stopped tracking whether its workers who monitor Facebook and Instagram posts from those areas were accurately enforcing its content guidelines, six people with knowledge of the situation said. That’s because the workers could not keep up with shifting rules about what kinds of posts were allowed about the war in Ukraine, they said.
Tech workers urge companies to join Ukraine's digital blockade of Russia
Reuters
Paresh Dave and Jeffrey Dastin
Microsoft Corp (MSFT.O) President Brad Smith wrote to Ukraine's leader this month with a clear message: despite Kyiv's calls for it to sever all ties with Russia, the U.S. software behemoth would continue doing business in the country with non-sanctioned clients, including schools and hospitals. "Depriving these institutions of software updates and services could put at risk the health and safety of innocent civilians, including children and the elderly," Smith said in the previously unreported March 14 letter, seen by Reuters.
Group backed by tech giants claims thousands of members. Many have never heard of it.
POLITICO
Emily Birnbaum
A lobbying group funded by Amazon and Google claims to represent thousands of U.S. small businesses as it opposes legislation that would clamp down on the tech industry’s giants. But dozens of those small businesses say they’ve never heard of the Connected Commerce Council. The four-year-old group listed about 5,000 small businesses in its membership directory before it removed that document from its website late last month. When POLITICO contacted 70 of those businesses, 61 said they were not members of the group and many added that they were not familiar with the organization.
Misc
Leaked details of the Lapsus$ hack make Okta’s slow response look more bizarre
WIRED
Lily Hay Newman
In the week since the digital extortion group Lapsus$ first revealed that it had breached the identity management platform Okta through one of the company's subprocessors, customers and organizations across the tech industry have been scrambling to understand the true impact of the incident. The subprocessor, Sykes Enterprises, which is owned by the business services outsourcing company Sitel Group, confirmed publicly last week that it suffered a data breach in January 2022. Now, leaked documents show Sitel's initial breach notification to customers, which would include Okta, on January 25, as well as a detailed “Intrusion Timeline” dated March 17.
Crypto heist: Hackers steal $US600m from blockchain connected to online game
The Sydney Morning Herald
Olga Kharif
Hackers stole about $US600 million ($799 million) from a blockchain network connected to the popular Axie Infinity online game in one of the biggest crypto attacks to date. Computers known as nodes operated by Axie Infinity maker Sky Mavis and the Axie DAO that support a so-called bridge -- software that lets people convert tokens into ones that can be used on another network -- were attacked, with the hacker draining what’s known as the Ronin Bridge of 173,600 Ether and 25.5 million USDC tokens in two transactions. The breach happened on March 23, but was only discovered Tuesday, according to Ronin, the blockchain that supports Axie Infinity.
Jobs
The Sydney Dialogue - Director
ASPI ICPC
The Australian Strategic Policy Institute (ASPI) is currently recruiting for a Director to lead the second iteration of ASPI’s Sydney Dialogue - the world’s premier summit on emerging, critical and cyber technologies.
The Sydney Dialogue - Senior Events Coordinator
ASPI ICPC
The Australian Strategic Policy Institute (ASPI) is currently recruiting for an experienced events professional to coordinate the planning and logistics of the second iteration of ASPI’s Sydney Dialogue - the world’s premier summit on emerging, critical and cyber technologies.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice.
Important disclaimer: This digest is a daily collation of material designed to provide authoritative information and commentary in relation to the subject matters covered. The views expressed in this material are those of the authors only. To provide feedback please contact: icpc@aspi.org.au